CVE-2020-6240

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver As Abap (web Dynpro Abap) (SAP Ui); SAP Netweaver As Abap (web Dynpro Abap) (SAP Basis)
Vendor: CVE Published:; 12 May 2020

Summary

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

Affected Version(s)

SAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS) < 700 < 700

SAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS) < 710 < 710

SAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS) < 730 < 730

References

https://launchpad.support.sap.com/#/notes/2856923

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2020
Vulnerability Reserved
Jan 8, 2020